Access Control Flaw in OpenStack Image Registry for Glance by OpenStack
CVE-2013-4428

Currently unrated

Key Information:

Vendor: OpenStack
Status: Vendor
CVE Published: 27 October 2013

Summary

The OpenStack Image Registry and Delivery Service (Glance) has an access control flaw that allows remote authenticated users to gain unauthorized access to cached images. The issue arises when the download_image policy is misconfigured: users can then read otherwise restricted images using only the image UUID. Affected versions are Folsom, Grizzly prior to 2013.1.4, and Havana prior to 2013.2. Organizations using these versions should take immediate steps to assess and mitigate the risk.

Timeline

  • Vulnerability published

  • Vulnerability Reserved